Posted: December 1, 2013 in Uncategorized
Sometime in the next few months I’m planning to go ahead with taking CompTIA’s Security+ exam, so it was nice timing for an offer of a copy to play around with for the sake of writing a review.
This is written as an overall resource for people who need to learn the material basically from scratch. For people who’ve actually spent a lot of time working on security, this will probably mean that big chunks of the book’s 500ish pages aren’t going to be necessary, but that just comes with the territory when you’re buying learning materials that have to cover this much ground.
It’s not going to make you an expert in any particular area, but that’s a good thing. The exam and certification are intended to demonstrate general security knowledge, so that’s what you need to get. You’ll learn about the difference between block ciphers and stream ciphers, for example. They also actually give you a pretty good description of things like 3DES and AES and how the algorithms work. On this, and other topics, they spare you a lot of obsessing over the really fine details that will only be useful for someone who’s specializing in a particular sub-field, rather than doing security work generally.
The practice tests on CD are probably at their most useful as a way of helping you to quickly get a rough idea of where you mostly have a handle on the material and where you really need to spend a lot more time studying.
It’s a pretty decent package, overall. With this type of material, a lot depends on how well you understand the way the authors express themselves, so it’s really worth your time to take a good look at the previews available on the catalog page for the CompTIA Security+ Training Kit from O’Reilly Media.
Posted: October 11, 2013 in Uncategorized
Tags: Packet Analysis
There are two basic things that you need to know to have an idea of what this book is about. First, a packet is the way that computers break down information into small chunks so that they can send it out over the Internet. Second, it’s possible to run software that allows you to look at all the packets that your computer can see, including the ones that no application would ordinarily tell you about.
Practical Packet Analysis, then, is a book that’s intended to tell you how to get at those packets and how to use that access to do useful things. For this purpose, it focuses heavily on a piece of software called Wireshark. There are other options out there, but that one is exceptionally popular.
As the title implies, the goals of the book are pretty practical. It’s not trying to be a dissertation on the design of the infrastructure of the Internet. Its focus is on what you can find out with a piece of software, and how that might be useful. For example, System Administrators use these tools to figure out what the network is doing so that they can track down machines that might be causing a lot more traffic than normal.
It’s a good book for its purpose. You have to have some basic knowledge to get the most out of it, though. While this kind of topic is critical for System and Network administrators, I think looking at live packets on a network is something that everyone working in the technology field should do at least once. The NSA leaks have done a lot to make people more conscious of the fact that your traffic can be picked up, but the problem isn’t just the NSA. Once you see how much information is flying and how much it can tell you, that shapes the design decisions you’ll make going forward about how programs should handle information and share it over the network.
You can get more information, including a more detailed topic list through the Table of Contents, on the Practical Packet Design catalog page from O’Reilly. Note that they gave me free access to an electronic copy of the book for the purpose of reviewing it, but my opinions are entirely my own.
Posted: July 21, 2011 in Uncategorized
I was given free access to a review copy of this set of videos a while ago, but I held off on actually reviewing it because it seemed very likely that they hadn’t quite posted the entire thing yet. The rest has been added now, so I can go ahead and talk about it without worrying about it being incomplete!
Bash is probably the most popular shell for Linux, Unix, and similar systems, and it is also a scripting language that’s used with the shell. This set of videos focuses on the scripting part by taking you through all of the major topics that you need to write a Bash script.
You’ll have a much easier time of it if you already have some comfort with the basic principles of working on the command line. He touches very briefly on what regular shell commands do as they come up, but command line novices aren’t the target audience here and will probably be overwhelmed by how much information they would need to absorb.
The nice thing about these videos is that you’re hearing his explanations of why he’s doing everything as it happens along with the chance to see all of the interaction that’s happening with the shell and how it responds at each step. There are good written tutorials of Bash out there for free, so watching these definitely isn’t necessary for learning shell scripting. Still, if your learning style leans more toward the auditory and visual, Great Bash will be a great resource in making the topic understandable.
Posted: July 14, 2011 in Uncategorized
There’s a lot that’s interesting about the early days of Google from both business and technology perspectives, but what grabbed me about this interview with an early Google employee is that when he’s asked about Google’s issues with privacy objections, he reframes it as a problem of rationality:
Google doesn’t have enough irrational people working there, and the rest of the world doesn’t have enough rational people occupying it.
The point that he comes around to is that, even if it isn’t strictly factually accurate that having Google automatically scan your email for keywords in order to choose the advertising it shows invades your privacy, people still feel like their privacy has been invaded. The unusually rational bunch of people who control a lot of the decision making at Google have difficulty grasping the fact that perception might as well be reality when it comes to how people react on an issue like this, and so they get themselves into trouble.
My mind went straight back to that article when I saw this claim today that half of the people who’ve used government social programs think they haven’t. There are some statistics about how many people who have benefited from different types of programs still think they’ve never gotten any social program benefits, but that’s not really the main thing that interested me here.
In the comments, you can see that people get into debating details like what constitutes a social program and what counts as getting benefits. Some of them actually are a little arguable, but the most interesting part to me is the stark line that people try to draw between the idea of the government sending you money and the government not taking the money to begin with (e.g. tax credits).
In the strictly mathematical and rational sense, whether I give someone $5 with an agreement that they were discounting it from $10 or I give them $10 and get $5 back afterward, we’re in effectively the same situation. The emotional nature of the exchange is very different in those two cases, though.
Posted: June 30, 2011 in Uncategorized
I’ve been busy for the past couple of months and not commenting on much, but I’m very curious what we’re going to be looking at as Google+ evolves.
Facebook may be losing popularity in some areas without any help from Google. Meanwhile, people are apparently trying to sell the opportunity to access Google+ via eBay.
It may very well go this way, at least in some circles.
I’m not saying that it’s a meaningful comparison that Facebook is losing users for its free service while there’s a sort of black market developing for access to Google’s, but I bet there are some comedians out there who are playing this situation for humor value.
It looks like they’ve been working on this for a while, so it seems like they just got very lucky that they happened to hit their launch at a time when Facebook is already showing some weakness. If the service turns out to be as good as some reviews are saying, there could be a lot of entertainment value coming up in watching how Facebook reacts.
Posted: May 9, 2011 in Software
My first thought while reading the blog entry explaining the new Writing Helper feature was that it seems like it should be hard to write something like “We know the hardest part of blogging is actually writing posts” with a straight face. It’s almost like saying that the hardest part of writing is doing the writing.
Once you get past the fact that it sounds silly, it’s very true. Many people aren’t very confident about their ability to write, and some of the people who are confident probably shouldn’t be.
These are both great features. I’m sure that a lot of people who need to reuse the same format repeatedly have already taken the step of creating a template for themselves that they could copy and paste, but the Copy A Post feature simplifies the process.
I think that the Request Feedback feature has a lot more potential to have an effect on the development of blogs. You were always able to email someone a copy of what you wrote and ask for feedback, but this makes it seem a lot more natural to do so. The best way to improve your writing is to get feedback on what currently isn’t working, so it’ll be interesting to see whether the little nudge of having a special button for the purpose encourages people to actually do so.
Posted: May 8, 2011 in Uncategorized
I went out to participate in the untimed adult portion of the Race for the Cure today. My mother decided that she wanted me to go with her, and since she paid the registration I went along with it.
Considering the size of the event, it’s amazing that they manage to pull off the logistics. Bringing that many people into a city all at about the same time and arranging to have them park and get themselves to the right places so that they can do their various parts of the event must take a lot of work and a serious sense of organization.
If I ever go there again, I think I may have to try the timed run.